The Fourth Circuit Court of Appeals has released its decision in BMG v Cox Communications, an appeal involving secondary liability for copyright infringement.[1] The case has been closely followed by Internet service providers (“ISPs”), the content industry, attorneys, academics, and copyright and cyberlaw experts – generally anyone interested in copyright and the Internet.

In the case below, the district court stripped Cox of its Digital Millennium Copyright Act (“DMCA”) safe harbor, and following a two week jury trial, Cox was found liable for willful contributory copyright infringement – secondary liability was based on direct infringement by Cox broadband subscribers using BitTorrent to illegally download music owned by BMG.[2] BMG was awarded $25 million in statutory damages, plus $8 in attorneys fees and costs. Cox appealed, asserting the district court erred in denying it a DMCA safe harbor defense and that the court incorrectly instructed the jury on the standard for contributory infringement.

In its opinion, the Fourth Circuit affirmed the district court’s ruling that Cox is not entitled to a DMCA safe harbor defense, but reversed in part and vacated in part the district court’s decision, and remanded for a new trial because of certain errors in the court’s jury instructions. Previous blog posts covered the details of BMG’s suit against Cox and the district court’s summary judgment decision. This blog post covers only the part of the Fourth Circuit’s decision concerning the DMCA safe harbor.

Fourth Circuit: Who is or Should be Considered a Repeat Infringer?

Enacted in 1998 to, among other things, combat online copyright infringement, the DMCA establishes a safe harbor that allows qualifying ISPs to limit their liability for claims of copyright infringement. To qualify, an ISP must adopt and reasonably implement a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the ISP’s system or network who are “repeat infringers.”[3] While the phrase “reasonably implement” is not defined in the statute, courts have interpreted the phrase to have two separate elements: (1) whether a service provider implemented its policy; and (2) whether that implementation was reasonable.[4] Cox was stripped of its DMCA safe harbor defense in the case below for failing to reasonably implement its policy after the district court concluded Cox did not terminate the service of repeat infringers under appropriate circumstances.

On appeal, Cox first argued that it complied with the DMCA safe harbor requirements “because BMG did not show that Cox failed to terminate any adjudicated infringers.” In other words, Cox claimed that to be a “repeat infringer,” a subscriber must have been adjudicated as such – “held liable by a court for multiple instances of copyright.”[5]

The Fourth Circuit rejected Cox’s argument. Applying the art of statutory interpretation using both intrinsic and extrinsic sources, the Fourth Circuit concluded that the term infringer “is not limited to adjudicated infringers.” While not expressly adopting a definition of repeat infringer, the Fourth Circuit noted that “[t]he only circuit to expressly consider the definition of a ‘repeat infringer’ in the DMCA has defined it to mean ‘someone who interferes with one of the exclusive rights of a copyright’ ‘again or repeatedly.’”[6] That description fits with the the definition of infringer found in Black’s Law Dictionary, which the Fourth Circuit used to establish the ordinary meaning of the term.[7]

Additionally, the Fourth Circuit looked at the legislative history of the DMCA, insisting that Congress intended for Internet subscribers to face the threat of losing access if they disrespected the intellectual property rights of others. The Fourth Circuit used this to grind Cox’s argument into the dirt, concluding that “the risk of losing one’s Internet access would hardly constitute a ‘realistic threat’ capable of deterring infringement if that punishment applied only to those already subject to civil penalties and legal fees as adjudicated infringers.” Notably, the Fourth Circuit ruled that the ordinary meaning of infringer, variations of how infringer is used throughout the DMCA, the use of infringer and similar terms in the whole copyright act, and the legislative history all went against Cox’s argument.

In short, Cox argued only actual repeat infringers should be kicked off the Internet. Why? As copyright attorneys and network operators know, ISPs regularly receive a tremendous amount of erroneous DMCA notices. Rightscorp’s technology is not perfect; it often makes mistakes. Other content owners often mistakenly send erroneous DMCA notices to ISPs. Furthermore, in the past, copyright infringement notices have been used to silence speech or intimidate individuals engaged in fair use of copyrighted content. Astonishingly, the Fourth Circuit completely ignores all of this, issuing a decision that can be read to allow someone to be kicked off the Internet based entirely on unproven (or potentially false) accusations. It doesn’t seem right to cut someone from accessing the Internet – what Supreme Court Justice Anthony Kennedy has said is clearly the most important public forum for engaging in free speech – based on unproven accusations.[8]

Fourth Circuit: How to Reasonably Implement a Repeat Infringer Policy

Next, the Fourth Circuit considered whether Cox reasonably implemented its repeat infringer policy – the part of the opinion everyone was waiting for. It determined Cox formally adopted a repeat infringer policy, but concluded that Cox “made every effort to avoid reasonably implementing [it].”[9] It came to this conclusion based on Cox’s actions that generally fall into three categories, which are summarized in turn below: (1) Cox used a thirteen strike policy; (2) Cox quickly reactivated subscribers after termination; (3) Cox disregarded DMCA notices issued by BMG’s agent Rightscorp

     Thirteen strikes and you’re out – well, temporarily out...maybe. Cox’s repeat infringer policy was structured as a thirteen strike process, which according to the Fourth Circuit, showed Cox was “very clearly determined not to terminate subscribers who in fact repeatedly violated the policy.”[10] To refresh your memory on how all of this works, here is some quick background. Someone launches BitTorrent to download a copy of a song which is owned or licensed by BMG. Rightscorp somehow detects it, and automatically produces a copyright notice which is sent to the ISP, in this case Cox, that provides Internet access service to the IP address used to complete the download. Now, here’s how the Fourth Circuit explained how Cox’s thirteen strike policy worked:

• Strike 1 – The first notice alleging a subscriber’s infringement produces no action from Cox.
• Strike 2 through 7 – The second through seventh notices result in warning emails from Cox to the subscriber.
• Strike 8 and 9 – After the eighth and ninth notices, Cox limits the subscriber’s Internet access to a single webpage that contains a warning, but the subscriber can reactivate complete service by clicking an acknowledgement.
• Strike 10 and 11 – After the tenth and eleventh notices, Cox suspends services, requiring the subscriber to call a technician, who, after explaining the reason for suspension and advising removal of infringing content, reactivates service.
• Strike 12 – After the twelfth notice, the subscriber is suspended and directed to a specialized technician, who, after another warning to cease infringing conduct, reactivates service. 
• Strike 13 – After the thirteenth notice, the subscriber is again suspended, and, for the first time, considered for termination.[11]

Additionally, Cox applied various limitations on its thirteen strike repeat infringer policy which undoubtedly played a role in the Fourth Circuit’s analysis:

• Cox never automatically terminates a subscriber.
• Cox restricts the number of notices it will process from any copyright holder or agent in one day.
• Any notice received after the daily limit has been met does not count in Cox’s graduated response escalation. 
• Cox counts only one notice per subscriber per day.
• Cox resets a subscriber’s thirteen-strike counter every six months.[12]

Considering Cox’s thirteen strike repeat infringer policy and the policy’s various limitations, the Fourth Circuit concluded that “Cox failed to qualify for the DMCA safe harbor because it failed to implement its policy in any consistent or meaningful way — leaving it essentially with no policy.”[13] So there you have it. It’s not enough to simply have a repeat infringer policy, an ISP must actually carry out its policy.

     Cox terminated repeat infringer subscribers, but then quickly reactivated them – something the DMCA does not expressly prohibit. While the Fourth Circuit concluded Cox never automatically terminated a subscriber for alleged copyright infringement, Cox did terminate subscribers. However, “[t]he evidence,” the Fourth Circuit found, “shows that Cox always reactivated subscribers after termination, regardless of its knowledge of the subscriber’s infringement.” Remember, for an ISP to avail itself of the DMCA safe harbor it must adopt and reasonably implement a policy that provides for the termination in appropriate circumstances of subscribers who are repeat copyright infringers. Permanently terminate? Terminate for a month? A week? A few days? Who knows, the DMCA doesn’t say. Here’s what the Fourth Circuit says: “An ISP cannot claim the protections of the DMCA safe harbor provisions merely by terminating customers as a symbolic gesture before indiscriminately reactivating them within a short timeframe.”[14] OK, so an ISP can reactivate after a period of time longer than a short timeframe...

     Cox disregarded DMCA notices (a/k/a settlement offers) issued by BMG’s agent Rightscorp. When Cox began receiving DMCA copyright notices from Rightscorp in 2011, Cox told Rightscorp to remove any settlement language from the notices, or the notices would not be processed. Cox continued to blacklist Rightscorp notices after BMG began using Rightscorp as its agent. The Fourth Circuit viewed “Cox’s decision to categorically disregard all notices from Rightscorp [as] further evidence that Cox did not reasonably implement a repeat infringer policy.”[15]

First, let me say this seems like a really stupid move by Cox. But second, let me say this – Rightscorp DMCA notices that contain settlement offers are comparable to extortion and blackmail. Content owners and enforcement thugs like Rightscorp have hijacked the DMCA notice process to intimidate consumers. They are designed to threaten and pressure recipients, regardless of the fact that the notice may be false or erroneous. Broadband subscribers find DMCA notices containing settlement offers to be confusing at best, and harassing at worst. Most legal experts (and probably all ISPs) believe notices that contain settlement offers fall outside the “spirit” of the DMCA.

So what can be gleaned from the Fourth Circuit’s opinion? Well, it depends. For a notice of alleged infringement to be DMCA-compliant, it must “substantially” meet the requirements of the statute – identify the allegedly infringed work, identify the allegedly infringing IP address through, identify the date and time the alleged infringement occurred, and include the copyright owner’s contact information. Absolute compliance is not required, but the DMCA notice must not be misleading, inaccurate, or deficient in any way. Does the inclusion of a threatening settlement offer render an otherwise compliant DMCA notice invalid? Who knows. No circuit has spoken directly to that question. What we do know is that in BMG v. Cox, the Fourth Circuit, didn’t agree with Cox’s decision to simply throw all Rightscorp DMCA notices in the garbage because they included a settlement offer. Here’s what the it said: “Cox never considered removing the settlement language itself or using other means to inform its subscribers of the allegedly infringing activity observed by Rightscorp.”[16] At least one of the largest ISPs in the U.S. already follows the Fourth Circuits advice, and strips settlement language from notices. And to be sure, the DMCA does not require ISPs to forward settlement offers to their subscribers.

What’s The Impact of The Fourth Circuit’s Opinion on Repeat Infringer Policies?

For sure, ISPs will dust off their repeat infringer policies and internal processes and give them a full review based on what the Fourth Circuit said in its opinion. Most ISPs probably do a better job at enforcing their policies in comparison to how Cox implemented or didn’t implement its policy. At the same time, most if not all ISPs share many of the views Cox expressed during its battle with BMG and BMG’s enforcement agent Rightscorp. Even though the Fourth Circuit’s decision will cause ISPs to review their DMCA policies, how much help will the opinion really be? It still leaves so many questions unanswered: How many DMCA notices should result in the termination of a subscriber? What is the relevant time period for counting DMCA notices – one month, six months, one year? After terminating an alleged infringer, how long must the ISP wait until restarting service? Does it matter that the terminated subscriber can start service with a different ISP the next day?

********************

[1] BMG Rights Management (US) LLC v. Cox Communications, Inc., No. 16-1972 (4th Cir. 2018) (Opinion).

[2] BMG Rights Management (US) LLC v. Cox Communications, Inc., 149 F.Supp.3d 634 (E.D. Va. 2015) (summary judgment opinion stripping Cox of DMCA safe harbor protection) (Summary Judgment Order); BMG Rights Management (US) LLC v. Cox Communications, Inc., 199 F.Supp.3d 958 (E.D. Va. 2016) (memorandum opinion denying all post-trial motions).

[3] 17 U.S.C. § 512(i)(1)(A).  In addition, a qualifying ISP must accommodate “standard technical measures” that are “used by copyright owners to identify or protect copyrighted works.”  17 U.S.C. § 512(i)(1)(B), (i)(2). While the ISP safe harbor statute does not expressly require designation of a DMCA agent, properly designating a DMCA agent will help determine whether an ISP has reasonably implemented a repeat infringer policy. See Ellison v. Robertson, 357 F.3d 1072, 1080 (9th Cir. 2004).

[4] BMG, 149 F.Supp.3d at 653 (citing Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1109-10 (9th Cir. 2010)). The district court explained that an ISP has implemented a repeat infringer policy if it has a working notification system and a procedure for dealing with DMCA-compliant notifications, and it does not actively prevent copyright owners from collecting information needed to issue such notifications. It further opined that a service provider’s implementation is reasonable if it terminates a repeat infringer’s access in appropriate circumstances. Id. at 653-4.

[5] Opinion at p. 12.

[6] Opinion at p. 14 (citing EMI Christian Music Grp., Inc. v. MP3tunes, LLC, 844 F.3d 79, 89 (2d Cir. 2016)). Cox was unable to cite a single case adopting its view of the term repeat infringer.

[7] “The ordinary meaning of an infringer is ‘[s]omeone who interferes with one of the exclusive rights of a . . . copyright’ holder — in short, one who infringes a copyright.” Opinion at p. 12 (quoting Infringer, Black’s Law Dictionary 902 (10th ed. 2014)).

[8] See Packingham v. North Carolina, 582 U.S. __ (2017).

[9] Opinion at P. 16.

[10] Opinion at p. 16.

[11] Opinion at pp. 7-8.

[12] Opinion at p. 8.

[13] Opinion at p. 20.

[14] Opinion at p. 17.

[15] Opinion at p. 18.

[16] Opinion at p. 9.